Overview:
The entity maintains, monitors, and evaluates current processing capacity and use of system components (infrastructure, data, and software) to manage capacity demand and to enable the implementation of additional capacity to help meet its objectives.
Action Items:
1) Create a logging and monitoring policy and related procedures, and publish them on the company intranet for employees to access and review.
2) Inquire of the senior manager of compliance, or equivalent, regarding monitoring applications to determine that monitoring applications are utilized to monitor system performance and are configured to send automated alerts to IT personnel when predefined thresholds have been exceeded.
3) Inspect the monitoring dashboard and alert configurations dashboard to determine that enterprise monitoring applications are utilized to monitor system performance and are configured to send automated alerts to IT personnel when predefined thresholds have been exceeded.
4) Inspect the most recent meeting minutes to determine that IT meetings are held on a monthly basis to review availability trends and availability.
Related Documents:
1) Logging and monitoring policy
2) Monitoring and alerting configurations
3) Sample of meeting agendas for recurring security meetings
Additional Guidance:
The following points of focus highlight important characteristics related to this criterion:
1) Measures Current Usage—The use of the system components is measured to establish a baseline for capacity management and to use when evaluating the risk of impaired availability due to capacity constraints.
2) Forecasts Capacity—The expected average and peak use of system components is forecasted and compared to system capacity and associated tolerances. Forecasting considers capacity in the event of the failure of system components that constrain capacity.
3) Makes Changes Based on Forecasts—The system change management process is initiated when forecasted usage exceeds capacity tolerances.
Article ID: 249
Created: September 26, 2022
Last Updated: September 26, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/soc-2-managing-capacity-demand-a1-1-249.html